A digital or cyber attack on an airline may take the form of a direct attack or an introduction of malicious software such as virus and worm. A successful attack may cause a catastrophe. For example, a digital attack directed against an aircraft's computer system may cause the system to malfunction or shut down the aircraft while the aircraft is airborne. Conversely, a device within or on board an aircraft may start a digital attack, targeting a network point either within the airline or outside the airline.
When an intrusion in computer or telecommunications systems is discovered, response resources must be directed to a physical location of the equipment associated with the intrusion, in theory, for attacks involving aircraft, response resources can be directed to a physical location of the aircraft. In practice, this requires extensive efforts to correlate existing threat information, authentication data, flight data, dramatically reducing response time. For example, today, most responses to an intrusion require manual review of TCP/IP switch information, manual drawing of network “maps” and, most importantly, trying to mitigate an intrusion in a sequential or business prioritization order while these efforts are being undertaken. These response schemes do not allow for an organization's management to easily identify the geographical location of the problem(s) and the location(s) at which resources are most needed. Furthermore, current response schemes do not allow an organization's response or management team timely access to geographical view(s) of the location of the intrusions together with information relating to the status or progress of the response to the intrusion. In other words, intrusion response involving deployment of technical and/or human resources is done on an ad hoc basis, following the intrusions, which limits the ability to prioritize these technical or human resources.